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What is claimed is: 

1 . A method of controlling access to execution resources comprising: 
receiving a request to execute an instruction in a pre-boot environment; 
determining an identity of the instruction; 

determining if an access control list includes an entry corresponding to the 
instruction; and 

selectively allowing the execution of the instruction if the access control list 
includes an entry corresponding to the instruction. 

2. A method as defined by claim 1, further including allowing the 
execution of the instruction if a signature in the access control list matches a signature 
of the instruction. 

3. A method as defined by claim 1 , including selectively allowing the 
execution of the instruction if the access control list does not include an entry 
corresponding to the instruction if the instruction is signed. 

4. A method as defined by claim 1 , wherein the instruction is requested 
by a service call to be executed. 

5. A method as defined by claim 4, including determining from the access 
control list system resources that may be used by the instruction. 

6. A method as defined by claim 4, including determining an identity of 
an entity making the service call. 

7. A method as defined by claim 4, including determining if the 
instruction to be executed is within a predefined area of memory. 

8. A method as defined by claim 1, wherein the instruction is an 
operating system loader that dictates a secure boot and wherein a recovery mode of 
operation is entered if the access control list does not include an entry corresponding 
to the instruction. 
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9. An article of manufacture comprising a machine-accessible medium 
having a plurality of machine accessible instructions that, when executed, cause a 
machine to: 

receive a request to execute an instruction in a pre-boot environment; 
determine an identity of the instruction; 

determine if an access control list includes an entry corresponding to the 
instruction; and 

selectively allow the execution of the instruction if the access control list 
includes an entry corresponding to the instruction. 

10. A machine-accessible medium as defined by claim 9, wherein the 
plurality of machine accessible instructions, when executed, cause a machine to allow 
the execution of the instruction if a signature in the access control list matches a 
signature of the instruction. 

11. A machine-accessible medium as defined by claim 9, wherein the 
plurality of machine accessible instructions, when executed, cause a machine to 
selectively allow the execution of the instruction if the access control list does not 
include an entry corresponding to the instruction if the instruction is signed. 

12. A machine- accessible medium as defined by claim 9, wherein the 
instruction is requested to be executed by a service call. 

13. A machine-accessible medium as defined by claim 9, wherein the 
plurality of machine accessible instructions, when executed, cause a machine to 
determine from the access control list system resources that may be used by the 
instruction. 

14. A machine-accessible medium as defined by claim 13, wherein the 
plurality of machine accessible instructions, when executed, cause a machine to 
determine an identity of an entity making the service call. 

15. A machine-accessible medium as defined by claim 13, wherein the 
plurality of machine accessible instructions, when executed, cause a machine to 
determine if the instruction to be executed is within a predefined area of memory. 
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16. A machine-accessible medium as defined by claim 9, wherein the 
instruction is an operating system loader that dictates a secure boot and wherein a 
recovery mode of operation is entered if the access control list does not include an 
entry corresponding to the instruction. 
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17. A system comprising: 

an execution environment configured to execute code; 
a instruction to be executed; 

a platform security unit coupled to the execution environment and receiving a 
request to execute the instruction in a pre-boot environment, wherein the platform 
security unit is configured to: determine an identity of the instruction, determine if an 
access control list includes an entry corresponding to the instruction, and selectively 
allow the execution of the instruction by the execution environment if the access 
control list includes an entry corresponding to the instruction. 

18. A system as defined by claim 17, wherein the platform security unit 
allows the execution of the instruction by the execution environment if a signature in 
the access control list matches a signature of the instruction. 

19. A system as defined by claim 1 7, wherein the platform security unit 
selectively allows the execution of the instruction by the execution environment if the 
access control list does not include an entry corresponding to the instruction if the 
instruction is signed. 

20. A system as defined by claim 17, wherein the instruction is requested 
by a service call to be executed. 

21 . A system as defined by claim 20, wherein the platform security unit 
determines from the access control list system resources that may be used by the 
instruction. 

22. A system as defined by claim 20, wherein the platform security unit 
determines an identity of an entity making the service call. 

23. A system as defined by claim 20, wherein the platform security unit 
determines if the instruction to be executed is within a predefined area of memory. 
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